package okhttp3.internal.tls;

import cn.jiguang.internal.JConstants;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.UUID;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.bb;
import org.bouncycastle.asn1.h.c;
import org.bouncycastle.asn1.i;
import org.bouncycastle.asn1.i.h;
import org.bouncycastle.asn1.i.j;
import org.bouncycastle.asn1.i.m;
import org.bouncycastle.asn1.i.n;
import org.bouncycastle.asn1.l;
import org.bouncycastle.jce.a;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.x509.b;

/* loaded from: classes3.dex */
public final class HeldCertificate {
    public final X509Certificate certificate;
    public final KeyPair keyPair;

    /* loaded from: classes4.dex */
    public static final class Builder {
        private String hostname;
        private HeldCertificate issuedBy;
        private KeyPair keyPair;
        private int maxIntermediateCas;
        private final long duration = JConstants.DAY;
        private String serialNumber = "1";

        static {
            Security.addProvider(new BouncyCastleProvider());
        }

        public final HeldCertificate build() throws GeneralSecurityException {
            X500Principal x500Principal;
            KeyPair keyPair;
            X500Principal x500Principal2;
            KeyPair keyPair2 = this.keyPair;
            if (keyPair2 == null) {
                keyPair2 = generateKeyPair();
            }
            if (this.hostname != null) {
                x500Principal = new X500Principal("CN=" + this.hostname);
            } else {
                x500Principal = new X500Principal("CN=" + UUID.randomUUID());
            }
            HeldCertificate heldCertificate = this.issuedBy;
            if (heldCertificate != null) {
                keyPair = heldCertificate.keyPair;
                x500Principal2 = this.issuedBy.certificate.getSubjectX500Principal();
            } else {
                keyPair = keyPair2;
                x500Principal2 = x500Principal;
            }
            long currentTimeMillis = System.currentTimeMillis();
            b bVar = new b();
            BigInteger bigInteger = new BigInteger(this.serialNumber);
            if (bigInteger.compareTo(BigInteger.ZERO) <= 0) {
                throw new IllegalArgumentException("serial number must be a positive integer");
            }
            bVar.f12675a.f12615b = new i(bigInteger);
            try {
                bVar.f12675a.d = c.a(new a(x500Principal2.getEncoded()));
                bVar.f12675a.e = new j(new Date(currentTimeMillis));
                bVar.f12675a.f = new j(new Date(currentTimeMillis + JConstants.DAY));
                try {
                    bVar.f12675a.g = c.a(new a(x500Principal.getEncoded()).u_());
                    try {
                        bVar.f12675a.h = h.a(new org.bouncycastle.asn1.h(keyPair2.getPublic().getEncoded()).a());
                        bVar.d = "SHA256WithRSAEncryption";
                        try {
                            bVar.f12676b = org.bouncycastle.x509.a.a("SHA256WithRSAEncryption");
                            bVar.f12677c = org.bouncycastle.x509.a.a(bVar.f12676b, "SHA256WithRSAEncryption");
                            bVar.f12675a.f12616c = bVar.f12677c;
                            if (this.maxIntermediateCas > 0) {
                                l lVar = m.g;
                                org.bouncycastle.asn1.i.b bVar2 = new org.bouncycastle.asn1.i.b(this.maxIntermediateCas);
                                n nVar = bVar.e;
                                l lVar2 = new l(lVar.f12533a);
                                try {
                                    byte[] a2 = bVar2.u_().a("DER");
                                    if (nVar.f12623a.containsKey(lVar2)) {
                                        throw new IllegalArgumentException("extension " + lVar2 + " already added");
                                    }
                                    nVar.f12624b.addElement(lVar2);
                                    nVar.f12623a.put(lVar2, new org.bouncycastle.asn1.i.l(new bb(a2)));
                                } catch (IOException e) {
                                    throw new IllegalArgumentException("error encoding value: ".concat(String.valueOf(e)));
                                }
                            }
                            return new HeldCertificate(bVar.a(keyPair.getPrivate(), "BC"), keyPair2);
                        } catch (Exception e2) {
                            throw new IllegalArgumentException("Unknown signature type requested: ".concat(String.valueOf("SHA256WithRSAEncryption")));
                        }
                    } catch (Exception e3) {
                        throw new IllegalArgumentException("unable to process key - " + e3.toString());
                    }
                } catch (IOException e4) {
                    throw new IllegalArgumentException("can't process principal: ".concat(String.valueOf(e4)));
                }
            } catch (IOException e5) {
                throw new IllegalArgumentException("can't process principal: ".concat(String.valueOf(e5)));
            }
        }

        public final Builder ca(int i) {
            this.maxIntermediateCas = i;
            return this;
        }

        public final Builder commonName(String str) {
            this.hostname = str;
            return this;
        }

        public final KeyPair generateKeyPair() throws GeneralSecurityException {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "BC");
            keyPairGenerator.initialize(1024, new SecureRandom());
            return keyPairGenerator.generateKeyPair();
        }

        public final Builder issuedBy(HeldCertificate heldCertificate) {
            this.issuedBy = heldCertificate;
            return this;
        }

        public final Builder keyPair(KeyPair keyPair) {
            this.keyPair = keyPair;
            return this;
        }

        public final Builder serialNumber(String str) {
            this.serialNumber = str;
            return this;
        }
    }

    public HeldCertificate(X509Certificate x509Certificate, KeyPair keyPair) {
        this.certificate = x509Certificate;
        this.keyPair = keyPair;
    }
}
